From ForensicsWiki
Revision as of 19:49, 4 August 2008 by .FUF

Maintainer: Jeremy Elson
OS: Linux
Genre: Network forensics
License: GPL

tcpflow is a tool that captures data transmitted as part of TCP connections, and stores the data in a way that is convenient for protocol analysis, keyword searching, etc.


tcpflow stores all captured data in files that have names of the form

where the contents of the above file would be data transmitted from host port 2345, to host port 45103.
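
The Python sketch below is an added example, not part of the original page or of tcpflow itself: it parses flow file names and pairs the two directions of each connection, so a capture that holds only one side stands out. It assumes tcpflow's classic naming scheme (each side written as four zero-padded three-digit octets and a five-digit port, source and destination joined by a hyphen); the addresses in the sample listing are constructed, and names with any extra suffix are skipped.

```python
import re
from collections import defaultdict

# Classic tcpflow name: four zero-padded octets and a five-digit port per side.
_SIDE = r"(\d{3})\.(\d{3})\.(\d{3})\.(\d{3})\.(\d{5})"
_FLOW_RE = re.compile(rf"^{_SIDE}-{_SIDE}$")


def parse_flow_name(name):
    """Return (src_ip, src_port, dst_ip, dst_port), or None if not a flow file."""
    m = _FLOW_RE.match(name)
    if m is None:
        return None
    g = [int(x) for x in m.groups()]
    # Reject names that match the shape but hold impossible octets or ports.
    if any(o > 255 for o in g[0:4] + g[5:9]) or g[4] > 65535 or g[9] > 65535:
        return None
    src = ".".join(str(o) for o in g[0:4])
    dst = ".".join(str(o) for o in g[5:9])
    return (src, g[4], dst, g[9])


def pair_connections(names):
    """Group flow files by connection; each value maps direction -> file name."""
    conns = defaultdict(dict)
    for name in names:
        flow = parse_flow_name(name)
        if flow is None:
            continue
        src, sport, dst, dport = flow
        # Order the endpoints so both directions share one key.
        key = tuple(sorted([(src, sport), (dst, dport)]))
        conns[key][flow] = name
    return dict(conns)


# Constructed directory listing (documentation-range addresses).
SAMPLE = [
    "192.000.002.010.02345-198.051.100.007.45103",
    "198.051.100.007.45103-192.000.002.010.02345",
    "192.000.002.010.00080-198.051.100.007.51000",
    "report.xml",
    "999.000.002.010.02345-198.051.100.007.45103",
]

if __name__ == "__main__":
    for key, flows in pair_connections(SAMPLE).items():
        state = "both directions" if len(flows) == 2 else "one direction only"
        print(key, state)
```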


tcpflow does not understand IP fragments.